diff --git a/mapping.csv b/mapping.csv index 420e3f08047..dd6afebca6a 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -260463,3 +260463,87 @@ vulnerability,CVE-2024-5333,vulnerability--d0372409-4357-4952-97ff-62b7675020f0 vulnerability,CVE-2024-29671,vulnerability--1f293191-4375-4520-8ac5-9651eb28fb34 vulnerability,CVE-2024-43234,vulnerability--8c06f725-97ae-4828-b13b-8b3d72ae0021 vulnerability,CVE-2024-6001,vulnerability--d0bed3d8-5455-4a29-98da-dfcb341d3a1b +vulnerability,CVE-2024-51175,vulnerability--b806b22a-576e-4408-b13b-0118a6f5dff3 +vulnerability,CVE-2024-51479,vulnerability--3922697f-0948-459c-9caf-af964bc92530 +vulnerability,CVE-2024-52542,vulnerability--ec94cf8c-5eba-44a9-9a60-3ada93398de3 +vulnerability,CVE-2024-52792,vulnerability--8f405f03-2b0e-46b8-8ff3-d3f9068a91e7 +vulnerability,CVE-2024-12239,vulnerability--e0565a3f-bfe7-429b-b741-20e5af3f204c +vulnerability,CVE-2024-12179,vulnerability--75370c80-3fd4-4ea8-84b8-a5353d8a2089 +vulnerability,CVE-2024-12670,vulnerability--a3f6c377-0961-46b9-a733-7bf656cab1b4 +vulnerability,CVE-2024-12197,vulnerability--14d1e388-6699-47eb-a2fe-7790382aadb8 +vulnerability,CVE-2024-12469,vulnerability--696daa6a-8391-4baf-88de-8083c2708f09 +vulnerability,CVE-2024-12178,vulnerability--57271ff4-fd3f-47b8-a9ce-c72f15c2d1c9 +vulnerability,CVE-2024-12192,vulnerability--69633a83-4ae6-4fe0-adec-a4ac701ac536 +vulnerability,CVE-2024-12293,vulnerability--93fa2aad-69bc-481a-a724-da0f0e901b91 +vulnerability,CVE-2024-12024,vulnerability--62106809-3524-41b1-b469-333fa6d73d19 +vulnerability,CVE-2024-12219,vulnerability--bda45d49-b901-4773-ad4a-4e7996382584 +vulnerability,CVE-2024-12194,vulnerability--dd16fb6a-0615-4cfc-810b-c084fb5eb630 +vulnerability,CVE-2024-12601,vulnerability--c00824ce-2b6e-48e3-8948-42a41f6c81b5 +vulnerability,CVE-2024-12127,vulnerability--ef0b3c5b-483a-48a3-b914-095e8b886ad0 +vulnerability,CVE-2024-12191,vulnerability--9dcf6100-f427-471a-84b3-0f3090bcefa4 +vulnerability,CVE-2024-12200,vulnerability--13df7f2c-0bcf-4b18-9b1c-bf193cbe1726 +vulnerability,CVE-2024-12356,vulnerability--a1914f6a-0af0-4828-aaa9-8d8313f74cda 
+vulnerability,CVE-2024-12193,vulnerability--2a5c26c9-5da7-4925-b88b-28818c4dede4 +vulnerability,CVE-2024-12671,vulnerability--64c84e57-59fb-4a4e-9913-de3e5142531f +vulnerability,CVE-2024-12198,vulnerability--228d5e69-ea1c-4a7a-8524-54ce01769ec5 +vulnerability,CVE-2024-12395,vulnerability--335512cd-8173-4074-acd1-44167c750048 +vulnerability,CVE-2024-12199,vulnerability--0d8d99b4-e4ec-4abf-a990-08e14160f2be +vulnerability,CVE-2024-12220,vulnerability--55366ce0-f1f0-4a3e-a1a4-6a65f63e7959 +vulnerability,CVE-2024-12539,vulnerability--d09d8acb-6dd9-4d19-9a2b-4f1337a0ce68 +vulnerability,CVE-2024-12669,vulnerability--70137041-fb54-4487-b911-b6bc0104fa43 +vulnerability,CVE-2024-10356,vulnerability--f1e301d9-2660-4faf-a24b-a67beba893b5 +vulnerability,CVE-2024-10973,vulnerability--74447789-35ee-43bc-934e-b51b2cd89963 +vulnerability,CVE-2024-10476,vulnerability--d7c9e6d4-26df-4511-8614-a9e7e4e13371 +vulnerability,CVE-2024-10205,vulnerability--2c64da4a-fce1-42ad-b14b-42ba4f564fbf +vulnerability,CVE-2024-9654,vulnerability--f3714bca-0238-4114-b424-a5f8c1c103bd +vulnerability,CVE-2024-9819,vulnerability--a290f81e-8adb-4706-8c8e-446628dc7b83 +vulnerability,CVE-2024-9624,vulnerability--ee47ce32-e4d1-4354-83d4-4a8954fd342a +vulnerability,CVE-2024-9779,vulnerability--dad3e9a8-9d73-4943-8472-5453db0ded74 +vulnerability,CVE-2024-50379,vulnerability--a7175a64-df12-43ad-b03a-155550ffbf7c +vulnerability,CVE-2024-11999,vulnerability--96668a76-d3ee-4657-84de-e1cd0dc6587f +vulnerability,CVE-2024-11422,vulnerability--e6f90917-977d-4fee-9df1-f54bb3ff2ad1 +vulnerability,CVE-2024-11294,vulnerability--64e39b4e-e1ec-4edc-b906-7e7e314b9626 +vulnerability,CVE-2024-11280,vulnerability--2dbc4652-9f85-4f53-a537-1d271520d3a0 +vulnerability,CVE-2024-11993,vulnerability--361cb349-4bbe-4b45-97f0-fe8701febd98 +vulnerability,CVE-2024-53144,vulnerability--2e390297-ddff-4467-af60-5370539cafe6 +vulnerability,CVE-2024-8972,vulnerability--156022d6-a78f-48ad-81c9-7893b3395bcb 
+vulnerability,CVE-2024-8429,vulnerability--1bb7e050-62d2-42be-8c43-da7b8ac42c58 +vulnerability,CVE-2024-8475,vulnerability--8ddfa831-8bb5-4c04-a4cb-e621ae99254b +vulnerability,CVE-2024-8326,vulnerability--f0399420-7705-43a8-9c6e-caaaa834d3fa +vulnerability,CVE-2024-38499,vulnerability--f8821bc0-8970-4ee9-a0b5-6377515f2011 +vulnerability,CVE-2024-31668,vulnerability--7b847ff6-7e24-4f33-b3af-c58d027188ca +vulnerability,CVE-2024-37606,vulnerability--1e79bce8-18e1-4898-94eb-64b3fa2a5346 +vulnerability,CVE-2024-37605,vulnerability--979daf62-2a55-4acf-84d9-57d531210ef1 +vulnerability,CVE-2024-37607,vulnerability--69a1e304-4833-4e13-8a5d-576d3c2eab28 +vulnerability,CVE-2024-54677,vulnerability--eb394e53-63d3-422e-b698-0c5204cdae18 +vulnerability,CVE-2024-54662,vulnerability--115c75be-1b7d-4369-a11c-eab0ce1c6d7e +vulnerability,CVE-2024-54125,vulnerability--ed89ab84-175c-4393-bfc3-42d49d3893d0 +vulnerability,CVE-2024-55516,vulnerability--cda47857-debd-4893-8ac7-d740ee79270a +vulnerability,CVE-2024-55057,vulnerability--67ff4141-411e-414b-8776-6d273ae61f5a +vulnerability,CVE-2024-55513,vulnerability--46eb8dfc-6f08-41c6-a343-bb873fa0aabf +vulnerability,CVE-2024-55864,vulnerability--c792fc87-2d04-4971-9f5c-07330ceba11a +vulnerability,CVE-2024-55059,vulnerability--41458325-155e-43d8-bc19-52303553e362 +vulnerability,CVE-2024-55514,vulnerability--99fa1226-a351-45c7-95fd-0816a9dad3a9 +vulnerability,CVE-2024-55056,vulnerability--d420736a-8afe-4638-8ba7-715bc8603154 +vulnerability,CVE-2024-55058,vulnerability--ed3ede47-c51c-4ed2-85d1-c29b30ddbd10 +vulnerability,CVE-2024-55496,vulnerability--450c0260-22e3-4409-ba3c-2aa69e48a9e6 +vulnerability,CVE-2024-55515,vulnerability--cbebc31b-774a-4429-a4ef-acfd9297ae9b +vulnerability,CVE-2024-49819,vulnerability--2eb0306a-be68-40ba-8efa-d4dd3392f17b +vulnerability,CVE-2024-49820,vulnerability--17acf8d6-765b-4a43-8d20-fbc831476f78 +vulnerability,CVE-2024-49194,vulnerability--ebbfb3d1-25c6-402e-b51e-92803cc9de4c 
+vulnerability,CVE-2024-49817,vulnerability--7bff4fb4-c101-4e54-9cfc-56eac6c5ff6e +vulnerability,CVE-2024-49816,vulnerability--d2fa8f49-0c51-4b86-8e10-dde9e9ba0c13 +vulnerability,CVE-2024-49818,vulnerability--a6fff532-9436-41a8-b108-f6b99a712161 +vulnerability,CVE-2024-56139,vulnerability--4eb1b618-988c-4767-be85-2d76114c1ec1 +vulnerability,CVE-2024-56142,vulnerability--33005581-5f80-4a3c-8c45-69e7d1145100 +vulnerability,CVE-2024-36832,vulnerability--ba81e49c-837a-4152-95fb-99f63b2dea9e +vulnerability,CVE-2024-36831,vulnerability--e03df5ca-a796-4466-89b4-1afe94d102f9 +vulnerability,CVE-2024-42194,vulnerability--b9a8fedd-8f24-4036-a963-95d5646d822e +vulnerability,CVE-2024-29646,vulnerability--66568489-01a2-4c54-bc0b-3af3c074b4d9 +vulnerability,CVE-2021-26279,vulnerability--042df7d1-e85f-4975-bf67-a2e4711054ab +vulnerability,CVE-2021-26280,vulnerability--05adb52b-afeb-4367-96ad-f027c3753f56 +vulnerability,CVE-2021-26278,vulnerability--f54f99f2-cac4-46f4-b2cb-90e6eebc16df +vulnerability,CVE-2021-26281,vulnerability--5ffd3bb4-3a8d-4308-9f4f-cc2e3d169814 +vulnerability,CVE-2023-37940,vulnerability--4df48b10-cf69-47da-8540-872bd48339c3 +vulnerability,CVE-2020-12487,vulnerability--5c2239f3-4785-46de-91cf-84f97d8f1134 +vulnerability,CVE-2020-12484,vulnerability--b1c300d7-1336-411b-bc40-b51214b0559a diff --git a/objects/vulnerability/vulnerability--042df7d1-e85f-4975-bf67-a2e4711054ab.json b/objects/vulnerability/vulnerability--042df7d1-e85f-4975-bf67-a2e4711054ab.json new file mode 100644 index 00000000000..71e1a0be6ea --- /dev/null +++ b/objects/vulnerability/vulnerability--042df7d1-e85f-4975-bf67-a2e4711054ab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb3eda6d-8b7d-4f27-a12d-d836db05a7c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--042df7d1-e85f-4975-bf67-a2e4711054ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:54.191551Z", + "modified": "2024-12-18T00:21:54.191551Z", + "name": "CVE-2021-26279", + "description": "Some parameters of the weather module are improperly stored, leaking some sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-26279" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05adb52b-afeb-4367-96ad-f027c3753f56.json b/objects/vulnerability/vulnerability--05adb52b-afeb-4367-96ad-f027c3753f56.json new file mode 100644 index 00000000000..6d41298d4b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--05adb52b-afeb-4367-96ad-f027c3753f56.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02a991a5-122a-4c88-a4cd-a51c00ddd355", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05adb52b-afeb-4367-96ad-f027c3753f56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:54.198297Z", + "modified": "2024-12-18T00:21:54.198297Z", + "name": "CVE-2021-26280", + "description": "Locally installed application can bypass the permission check and perform system operations that require permission.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-26280" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d8d99b4-e4ec-4abf-a990-08e14160f2be.json b/objects/vulnerability/vulnerability--0d8d99b4-e4ec-4abf-a990-08e14160f2be.json new file mode 100644 index 00000000000..223e6294777 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--0d8d99b4-e4ec-4abf-a990-08e14160f2be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40137635-0cd2-4440-86ad-0944c7f78069", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d8d99b4-e4ec-4abf-a990-08e14160f2be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.054571Z", + "modified": "2024-12-18T00:21:50.054571Z", + "name": "CVE-2024-12199", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12199" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--115c75be-1b7d-4369-a11c-eab0ce1c6d7e.json b/objects/vulnerability/vulnerability--115c75be-1b7d-4369-a11c-eab0ce1c6d7e.json new file mode 100644 index 00000000000..5da8bc16139 --- /dev/null +++ b/objects/vulnerability/vulnerability--115c75be-1b7d-4369-a11c-eab0ce1c6d7e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b0b0493-26ca-4733-8c4b-8a676ba196c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--115c75be-1b7d-4369-a11c-eab0ce1c6d7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.475892Z", + "modified": "2024-12-18T00:21:51.475892Z", + "name": "CVE-2024-54662", + "description": "Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54662" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--13df7f2c-0bcf-4b18-9b1c-bf193cbe1726.json b/objects/vulnerability/vulnerability--13df7f2c-0bcf-4b18-9b1c-bf193cbe1726.json new file mode 100644 index 00000000000..8cc49265ee7 --- /dev/null +++ b/objects/vulnerability/vulnerability--13df7f2c-0bcf-4b18-9b1c-bf193cbe1726.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8946a942-a90d-4c81-80e3-a365b3323fdb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13df7f2c-0bcf-4b18-9b1c-bf193cbe1726", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.038005Z", + "modified": "2024-12-18T00:21:50.038005Z", + "name": "CVE-2024-12200", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12200" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14d1e388-6699-47eb-a2fe-7790382aadb8.json b/objects/vulnerability/vulnerability--14d1e388-6699-47eb-a2fe-7790382aadb8.json new file mode 100644 index 00000000000..dc8cdee92d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--14d1e388-6699-47eb-a2fe-7790382aadb8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3731a97b-41c6-4b91-9e08-76b06c5f81ba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14d1e388-6699-47eb-a2fe-7790382aadb8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.014668Z", + "modified": "2024-12-18T00:21:50.014668Z", + "name": "CVE-2024-12197", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12197" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--156022d6-a78f-48ad-81c9-7893b3395bcb.json b/objects/vulnerability/vulnerability--156022d6-a78f-48ad-81c9-7893b3395bcb.json new file mode 100644 index 00000000000..dc62ce625a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--156022d6-a78f-48ad-81c9-7893b3395bcb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--429ab99e-32bd-48e2-b9d5-980c1a17bbfb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--156022d6-a78f-48ad-81c9-7893b3395bcb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.893272Z", + "modified": "2024-12-18T00:21:50.893272Z", + "name": "CVE-2024-8972", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: before 30.09.2024.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8972" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--17acf8d6-765b-4a43-8d20-fbc831476f78.json b/objects/vulnerability/vulnerability--17acf8d6-765b-4a43-8d20-fbc831476f78.json new file mode 100644 index 00000000000..2ed7c47630c --- /dev/null +++ b/objects/vulnerability/vulnerability--17acf8d6-765b-4a43-8d20-fbc831476f78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d799d8a7-1c8c-43d4-ac29-b74b3b28e1e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17acf8d6-765b-4a43-8d20-fbc831476f78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.574221Z", + "modified": "2024-12-18T00:21:51.574221Z", + "name": "CVE-2024-49820", + "description": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49820" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1bb7e050-62d2-42be-8c43-da7b8ac42c58.json b/objects/vulnerability/vulnerability--1bb7e050-62d2-42be-8c43-da7b8ac42c58.json new file mode 100644 index 00000000000..f2ba1db7cd6 --- /dev/null +++ b/objects/vulnerability/vulnerability--1bb7e050-62d2-42be-8c43-da7b8ac42c58.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94a56640-0fe4-4a3c-af86-2f8ceaf8f392", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1bb7e050-62d2-42be-8c43-da7b8ac42c58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.897194Z", + "modified": "2024-12-18T00:21:50.897194Z", + "name": "CVE-2024-8429", + "description": "Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8429" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e79bce8-18e1-4898-94eb-64b3fa2a5346.json b/objects/vulnerability/vulnerability--1e79bce8-18e1-4898-94eb-64b3fa2a5346.json new file mode 100644 index 00000000000..f08f00ac13d --- /dev/null +++ b/objects/vulnerability/vulnerability--1e79bce8-18e1-4898-94eb-64b3fa2a5346.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed8570fe-add4-4ceb-b8ba-b69749baad3d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e79bce8-18e1-4898-94eb-64b3fa2a5346", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.340752Z", + "modified": "2024-12-18T00:21:51.340752Z", + "name": "CVE-2024-37606", + "description": "A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37606" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--228d5e69-ea1c-4a7a-8524-54ce01769ec5.json b/objects/vulnerability/vulnerability--228d5e69-ea1c-4a7a-8524-54ce01769ec5.json new file mode 100644 index 00000000000..7a2c1acba1a --- /dev/null +++ b/objects/vulnerability/vulnerability--228d5e69-ea1c-4a7a-8524-54ce01769ec5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58af62df-e1d4-4881-8984-c2f769f1ef4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--228d5e69-ea1c-4a7a-8524-54ce01769ec5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.04677Z", + "modified": "2024-12-18T00:21:50.04677Z", + "name": "CVE-2024-12198", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12198" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a5c26c9-5da7-4925-b88b-28818c4dede4.json b/objects/vulnerability/vulnerability--2a5c26c9-5da7-4925-b88b-28818c4dede4.json new file mode 100644 index 00000000000..65a73573299 --- /dev/null +++ b/objects/vulnerability/vulnerability--2a5c26c9-5da7-4925-b88b-28818c4dede4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86992651-eee8-4dd9-9e17-1c49a3b12620", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a5c26c9-5da7-4925-b88b-28818c4dede4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.04055Z", + "modified": "2024-12-18T00:21:50.04055Z", + "name": "CVE-2024-12193", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12193" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c64da4a-fce1-42ad-b14b-42ba4f564fbf.json b/objects/vulnerability/vulnerability--2c64da4a-fce1-42ad-b14b-42ba4f564fbf.json new file mode 100644 index 00000000000..600fe4ffb3e --- /dev/null +++ b/objects/vulnerability/vulnerability--2c64da4a-fce1-42ad-b14b-42ba4f564fbf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--beafa1c6-33f3-47ff-980f-69ab302e5661", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c64da4a-fce1-42ad-b14b-42ba4f564fbf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.116005Z", + "modified": "2024-12-18T00:21:50.116005Z", + "name": "CVE-2024-10205", + "description": "Authentication Bypass\nvulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics \n\ncomponent\n\n).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10205" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2dbc4652-9f85-4f53-a537-1d271520d3a0.json b/objects/vulnerability/vulnerability--2dbc4652-9f85-4f53-a537-1d271520d3a0.json new file mode 100644 index 00000000000..8f25eac6058 --- /dev/null +++ b/objects/vulnerability/vulnerability--2dbc4652-9f85-4f53-a537-1d271520d3a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e18d6b45-7295-4707-a64d-d1ac808796b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2dbc4652-9f85-4f53-a537-1d271520d3a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.569551Z", + "modified": "2024-12-18T00:21:50.569551Z", + "name": "CVE-2024-11280", + "description": "The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11280" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e390297-ddff-4467-af60-5370539cafe6.json b/objects/vulnerability/vulnerability--2e390297-ddff-4467-af60-5370539cafe6.json new file mode 100644 index 00000000000..470161e54fe --- /dev/null +++ b/objects/vulnerability/vulnerability--2e390297-ddff-4467-af60-5370539cafe6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6cd3e4c9-cd57-4c30-a5a2-392036cad5dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e390297-ddff-4467-af60-5370539cafe6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.850382Z", + "modified": "2024-12-18T00:21:50.850382Z", + "name": "CVE-2024-53144", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE\n\nThis aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4\n(\"Bluetooth: Always request for user confirmation for Just Works\")\nalways request user confirmation with confirm_hint set since the\nlikes of bluetoothd have dedicated policy around JUST_WORKS method\n(e.g. main.conf:JustWorksRepairing).\n\nCVE: CVE-2024-8805", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53144" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2eb0306a-be68-40ba-8efa-d4dd3392f17b.json b/objects/vulnerability/vulnerability--2eb0306a-be68-40ba-8efa-d4dd3392f17b.json new file mode 100644 index 00000000000..7a3bd9ca50a --- /dev/null +++ b/objects/vulnerability/vulnerability--2eb0306a-be68-40ba-8efa-d4dd3392f17b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e22ec32-bbb9-4313-a280-db112afd776a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2eb0306a-be68-40ba-8efa-d4dd3392f17b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.565162Z", + "modified": "2024-12-18T00:21:51.565162Z", + "name": "CVE-2024-49819", + "description": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--33005581-5f80-4a3c-8c45-69e7d1145100.json b/objects/vulnerability/vulnerability--33005581-5f80-4a3c-8c45-69e7d1145100.json new file mode 100644 index 00000000000..947f93f0282 --- /dev/null +++ b/objects/vulnerability/vulnerability--33005581-5f80-4a3c-8c45-69e7d1145100.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e972548f-ab7a-4ae2-b885-e338a6119efd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33005581-5f80-4a3c-8c45-69e7d1145100", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.689004Z", + "modified": "2024-12-18T00:21:51.689004Z", + "name": "CVE-2024-56142", + "description": "pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--335512cd-8173-4074-acd1-44167c750048.json b/objects/vulnerability/vulnerability--335512cd-8173-4074-acd1-44167c750048.json new file mode 100644 index 00000000000..27c67db3357 --- /dev/null +++ b/objects/vulnerability/vulnerability--335512cd-8173-4074-acd1-44167c750048.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a3a0407-e09c-432f-a7ea-b443100715f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--335512cd-8173-4074-acd1-44167c750048", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.053287Z", + "modified": "2024-12-18T00:21:50.053287Z", + "name": "CVE-2024-12395", + "description": "The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12395" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--361cb349-4bbe-4b45-97f0-fe8701febd98.json b/objects/vulnerability/vulnerability--361cb349-4bbe-4b45-97f0-fe8701febd98.json new file mode 100644 index 00000000000..ce46738198f --- /dev/null +++ b/objects/vulnerability/vulnerability--361cb349-4bbe-4b45-97f0-fe8701febd98.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c272e111-8b4b-4bf4-9336-b5be6efefd2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--361cb349-4bbe-4b45-97f0-fe8701febd98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.573933Z", + "modified": "2024-12-18T00:21:50.573933Z", + "name": "CVE-2024-11993", + "description": "Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11993" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3922697f-0948-459c-9caf-af964bc92530.json b/objects/vulnerability/vulnerability--3922697f-0948-459c-9caf-af964bc92530.json new file mode 100644 index 00000000000..8a31aca655b --- /dev/null +++ b/objects/vulnerability/vulnerability--3922697f-0948-459c-9caf-af964bc92530.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63e7dac8-2268-4e77-ad6f-f173f3ba29ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3922697f-0948-459c-9caf-af964bc92530", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:49.739731Z", + "modified": "2024-12-18T00:21:49.739731Z", + "name": "CVE-2024-51479", + "description": "Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51479" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41458325-155e-43d8-bc19-52303553e362.json b/objects/vulnerability/vulnerability--41458325-155e-43d8-bc19-52303553e362.json new file mode 100644 index 00000000000..8ef8476aa2b --- /dev/null +++ b/objects/vulnerability/vulnerability--41458325-155e-43d8-bc19-52303553e362.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0df87305-674b-4c91-afd2-568c2fa7a2df", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41458325-155e-43d8-bc19-52303553e362", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.5292Z", + "modified": "2024-12-18T00:21:51.5292Z", + "name": "CVE-2024-55059", + "description": "A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55059" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--450c0260-22e3-4409-ba3c-2aa69e48a9e6.json b/objects/vulnerability/vulnerability--450c0260-22e3-4409-ba3c-2aa69e48a9e6.json new file mode 100644 index 00000000000..f951e843120 --- /dev/null +++ b/objects/vulnerability/vulnerability--450c0260-22e3-4409-ba3c-2aa69e48a9e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1657d9b-6419-4cfc-9483-359936bc6741", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--450c0260-22e3-4409-ba3c-2aa69e48a9e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.549945Z", + "modified": "2024-12-18T00:21:51.549945Z", + "name": "CVE-2024-55496", + "description": "A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55496" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--46eb8dfc-6f08-41c6-a343-bb873fa0aabf.json b/objects/vulnerability/vulnerability--46eb8dfc-6f08-41c6-a343-bb873fa0aabf.json new file mode 100644 index 00000000000..aa3bd77f274 --- /dev/null +++ b/objects/vulnerability/vulnerability--46eb8dfc-6f08-41c6-a343-bb873fa0aabf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4490478e-6281-41a3-855a-5d7e3de5e0a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--46eb8dfc-6f08-41c6-a343-bb873fa0aabf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.514141Z", + "modified": "2024-12-18T00:21:51.514141Z", + "name": "CVE-2024-55513", + "description": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55513" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4df48b10-cf69-47da-8540-872bd48339c3.json b/objects/vulnerability/vulnerability--4df48b10-cf69-47da-8540-872bd48339c3.json new file mode 100644 index 00000000000..4b8e176fd5f --- /dev/null +++ b/objects/vulnerability/vulnerability--4df48b10-cf69-47da-8540-872bd48339c3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1dd446c6-e04c-4dda-922d-e182db8772f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4df48b10-cf69-47da-8540-872bd48339c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:22:00.861855Z", + "modified": "2024-12-18T00:22:00.861855Z", + "name": "CVE-2023-37940", + "description": "Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-37940" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4eb1b618-988c-4767-be85-2d76114c1ec1.json b/objects/vulnerability/vulnerability--4eb1b618-988c-4767-be85-2d76114c1ec1.json new file mode 100644 index 00000000000..a3068ff8615 --- /dev/null +++ b/objects/vulnerability/vulnerability--4eb1b618-988c-4767-be85-2d76114c1ec1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--798fb01c-f67e-43e1-b5b6-2a5d6cc15829", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4eb1b618-988c-4767-be85-2d76114c1ec1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.685972Z", + "modified": "2024-12-18T00:21:51.685972Z", + "name": "CVE-2024-56139", + "description": "pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56139" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55366ce0-f1f0-4a3e-a1a4-6a65f63e7959.json b/objects/vulnerability/vulnerability--55366ce0-f1f0-4a3e-a1a4-6a65f63e7959.json new file mode 100644 index 00000000000..f2ac24f2212 --- /dev/null +++ b/objects/vulnerability/vulnerability--55366ce0-f1f0-4a3e-a1a4-6a65f63e7959.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86f2a3cc-57de-4711-b9c0-a8681960d12a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55366ce0-f1f0-4a3e-a1a4-6a65f63e7959", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.056866Z", + "modified": "2024-12-18T00:21:50.056866Z", + "name": "CVE-2024-12220", + "description": "The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12220" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57271ff4-fd3f-47b8-a9ce-c72f15c2d1c9.json b/objects/vulnerability/vulnerability--57271ff4-fd3f-47b8-a9ce-c72f15c2d1c9.json new file mode 100644 index 00000000000..ad070330be6 --- /dev/null +++ b/objects/vulnerability/vulnerability--57271ff4-fd3f-47b8-a9ce-c72f15c2d1c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79a3662d-2ccd-428e-bb15-ec1d8183f9c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57271ff4-fd3f-47b8-a9ce-c72f15c2d1c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.020169Z", + "modified": "2024-12-18T00:21:50.020169Z", + "name": "CVE-2024-12178", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12178" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c2239f3-4785-46de-91cf-84f97d8f1134.json b/objects/vulnerability/vulnerability--5c2239f3-4785-46de-91cf-84f97d8f1134.json new file mode 100644 index 00000000000..7fb86d5af86 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c2239f3-4785-46de-91cf-84f97d8f1134.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c350ed90-4530-4728-b3e0-49a4403b576d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c2239f3-4785-46de-91cf-84f97d8f1134", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:22:05.20308Z", + "modified": "2024-12-18T00:22:05.20308Z", + "name": "CVE-2020-12487", + "description": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-12487" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5ffd3bb4-3a8d-4308-9f4f-cc2e3d169814.json b/objects/vulnerability/vulnerability--5ffd3bb4-3a8d-4308-9f4f-cc2e3d169814.json new file mode 100644 index 00000000000..ba0fc52e6db --- /dev/null +++ b/objects/vulnerability/vulnerability--5ffd3bb4-3a8d-4308-9f4f-cc2e3d169814.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0292b3c-f2dd-4ca0-b131-2a3819e1c4fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ffd3bb4-3a8d-4308-9f4f-cc2e3d169814", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:54.243023Z", + "modified": "2024-12-18T00:21:54.243023Z", + "name": "CVE-2021-26281", + "description": "Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-26281" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62106809-3524-41b1-b469-333fa6d73d19.json b/objects/vulnerability/vulnerability--62106809-3524-41b1-b469-333fa6d73d19.json new file mode 100644 index 00000000000..783be8fd3e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--62106809-3524-41b1-b469-333fa6d73d19.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4165a439-7c00-4611-b131-f67cf912889a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62106809-3524-41b1-b469-333fa6d73d19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.0261Z", + "modified": "2024-12-18T00:21:50.0261Z", + "name": "CVE-2024-12024", + "description": "The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.\r\nNote: this vulnerability requires the \"Guest Submissions\" setting to be enabled. It is disabled by default.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12024" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--64c84e57-59fb-4a4e-9913-de3e5142531f.json b/objects/vulnerability/vulnerability--64c84e57-59fb-4a4e-9913-de3e5142531f.json new file mode 100644 index 00000000000..048a8bdbbe8 --- /dev/null +++ b/objects/vulnerability/vulnerability--64c84e57-59fb-4a4e-9913-de3e5142531f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03926c1b-e261-4d4a-b8f8-1ad8ffaee04f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--64c84e57-59fb-4a4e-9913-de3e5142531f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.044905Z", + "modified": "2024-12-18T00:21:50.044905Z", + "name": "CVE-2024-12671", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12671" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--64e39b4e-e1ec-4edc-b906-7e7e314b9626.json b/objects/vulnerability/vulnerability--64e39b4e-e1ec-4edc-b906-7e7e314b9626.json new file mode 100644 index 00000000000..af139b01f09 --- /dev/null +++ b/objects/vulnerability/vulnerability--64e39b4e-e1ec-4edc-b906-7e7e314b9626.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0298caf3-9266-46ca-a88c-d47853612ed3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--64e39b4e-e1ec-4edc-b906-7e7e314b9626", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.566926Z", + "modified": "2024-12-18T00:21:50.566926Z", + "name": "CVE-2024-11294", + "description": "The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11294" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66568489-01a2-4c54-bc0b-3af3c074b4d9.json b/objects/vulnerability/vulnerability--66568489-01a2-4c54-bc0b-3af3c074b4d9.json new file mode 100644 index 00000000000..97f5e827b5c --- /dev/null +++ b/objects/vulnerability/vulnerability--66568489-01a2-4c54-bc0b-3af3c074b4d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--441f001f-3f55-44fd-af90-8dda12343734", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66568489-01a2-4c54-bc0b-3af3c074b4d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:52.381851Z", + "modified": "2024-12-18T00:21:52.381851Z", + "name": "CVE-2024-29646", + "description": "Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29646" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--67ff4141-411e-414b-8776-6d273ae61f5a.json b/objects/vulnerability/vulnerability--67ff4141-411e-414b-8776-6d273ae61f5a.json new file mode 100644 index 00000000000..37d64a50e1d --- /dev/null +++ b/objects/vulnerability/vulnerability--67ff4141-411e-414b-8776-6d273ae61f5a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7132f50-1de1-45c3-bd99-47321e799ea6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--67ff4141-411e-414b-8776-6d273ae61f5a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.511116Z", + "modified": "2024-12-18T00:21:51.511116Z", + "name": "CVE-2024-55057", + "description": "Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55057" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69633a83-4ae6-4fe0-adec-a4ac701ac536.json b/objects/vulnerability/vulnerability--69633a83-4ae6-4fe0-adec-a4ac701ac536.json new file mode 100644 index 00000000000..3448714ad09 --- /dev/null +++ b/objects/vulnerability/vulnerability--69633a83-4ae6-4fe0-adec-a4ac701ac536.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9525786f-2096-4b86-a571-51f0e071a8cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69633a83-4ae6-4fe0-adec-a4ac701ac536", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.02175Z", + "modified": "2024-12-18T00:21:50.02175Z", + "name": "CVE-2024-12192", + "description": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12192" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--696daa6a-8391-4baf-88de-8083c2708f09.json b/objects/vulnerability/vulnerability--696daa6a-8391-4baf-88de-8083c2708f09.json new file mode 100644 index 00000000000..cf994cc9c15 --- /dev/null +++ b/objects/vulnerability/vulnerability--696daa6a-8391-4baf-88de-8083c2708f09.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff21d485-37ec-4dd6-be0e-4664a55d39dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--696daa6a-8391-4baf-88de-8083c2708f09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.018386Z", + "modified": "2024-12-18T00:21:50.018386Z", + "name": "CVE-2024-12469", + "description": "The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12469" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69a1e304-4833-4e13-8a5d-576d3c2eab28.json b/objects/vulnerability/vulnerability--69a1e304-4833-4e13-8a5d-576d3c2eab28.json new file mode 100644 index 00000000000..9c276d60f2f --- /dev/null +++ b/objects/vulnerability/vulnerability--69a1e304-4833-4e13-8a5d-576d3c2eab28.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40038bdf-e5b7-4689-b51e-05a006ada746", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69a1e304-4833-4e13-8a5d-576d3c2eab28", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.394535Z", + "modified": "2024-12-18T00:21:51.394535Z", + "name": "CVE-2024-37607", + "description": "A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70137041-fb54-4487-b911-b6bc0104fa43.json b/objects/vulnerability/vulnerability--70137041-fb54-4487-b911-b6bc0104fa43.json new file mode 100644 index 00000000000..ff5eac1c653 --- /dev/null +++ b/objects/vulnerability/vulnerability--70137041-fb54-4487-b911-b6bc0104fa43.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--180c2301-3ade-43d2-8955-676e146c724f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70137041-fb54-4487-b911-b6bc0104fa43", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.060404Z", + "modified": "2024-12-18T00:21:50.060404Z", + "name": "CVE-2024-12669", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12669" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--74447789-35ee-43bc-934e-b51b2cd89963.json b/objects/vulnerability/vulnerability--74447789-35ee-43bc-934e-b51b2cd89963.json new file mode 100644 index 00000000000..086716e05c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--74447789-35ee-43bc-934e-b51b2cd89963.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a7f967c-d032-40ce-ac34-403ba724a99b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74447789-35ee-43bc-934e-b51b2cd89963", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.069965Z", + "modified": "2024-12-18T00:21:50.069965Z", + "name": "CVE-2024-10973", + "description": "A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10973" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--75370c80-3fd4-4ea8-84b8-a5353d8a2089.json b/objects/vulnerability/vulnerability--75370c80-3fd4-4ea8-84b8-a5353d8a2089.json new file mode 100644 index 00000000000..7b519144188 --- /dev/null +++ b/objects/vulnerability/vulnerability--75370c80-3fd4-4ea8-84b8-a5353d8a2089.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d382dc1-5cbe-41a6-a8bc-f6c5d7ac16e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--75370c80-3fd4-4ea8-84b8-a5353d8a2089", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.011594Z", + "modified": "2024-12-18T00:21:50.011594Z", + "name": "CVE-2024-12179", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12179" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b847ff6-7e24-4f33-b3af-c58d027188ca.json b/objects/vulnerability/vulnerability--7b847ff6-7e24-4f33-b3af-c58d027188ca.json new file mode 100644 index 00000000000..08a5f13fc28 --- /dev/null +++ b/objects/vulnerability/vulnerability--7b847ff6-7e24-4f33-b3af-c58d027188ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39f4e317-8760-4d36-9d84-c6367947f155", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b847ff6-7e24-4f33-b3af-c58d027188ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.131521Z", + "modified": "2024-12-18T00:21:51.131521Z", + "name": "CVE-2024-31668", + "description": "rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31668" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7bff4fb4-c101-4e54-9cfc-56eac6c5ff6e.json b/objects/vulnerability/vulnerability--7bff4fb4-c101-4e54-9cfc-56eac6c5ff6e.json new file mode 100644 index 00000000000..adefcdb0c88 --- /dev/null +++ b/objects/vulnerability/vulnerability--7bff4fb4-c101-4e54-9cfc-56eac6c5ff6e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c9b4919-e59e-44e0-b82e-ac28b2aa5822", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7bff4fb4-c101-4e54-9cfc-56eac6c5ff6e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.595174Z", + "modified": "2024-12-18T00:21:51.595174Z", + "name": "CVE-2024-49817", + "description": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49817" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ddfa831-8bb5-4c04-a4cb-e621ae99254b.json b/objects/vulnerability/vulnerability--8ddfa831-8bb5-4c04-a4cb-e621ae99254b.json new file mode 100644 index 00000000000..56cd07b126b --- /dev/null +++ b/objects/vulnerability/vulnerability--8ddfa831-8bb5-4c04-a4cb-e621ae99254b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee05d1e7-d0cb-47c3-9ba2-7dd6b1d92c5a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ddfa831-8bb5-4c04-a4cb-e621ae99254b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.908534Z", + "modified": "2024-12-18T00:21:50.908534Z", + "name": "CVE-2024-8475", + "description": "Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f405f03-2b0e-46b8-8ff3-d3f9068a91e7.json b/objects/vulnerability/vulnerability--8f405f03-2b0e-46b8-8ff3-d3f9068a91e7.json new file mode 100644 index 00000000000..db8da2e4d34 --- /dev/null +++ b/objects/vulnerability/vulnerability--8f405f03-2b0e-46b8-8ff3-d3f9068a91e7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f33858f8-774b-48a7-bbd8-5965d93602b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f405f03-2b0e-46b8-8ff3-d3f9068a91e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:49.92143Z", + "modified": "2024-12-18T00:21:49.92143Z", + "name": "CVE-2024-52792", + "description": "LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`.\nThe values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line.\nAn attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52792" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93fa2aad-69bc-481a-a724-da0f0e901b91.json b/objects/vulnerability/vulnerability--93fa2aad-69bc-481a-a724-da0f0e901b91.json new file mode 100644 index 00000000000..10ac3e15c78 --- /dev/null +++ b/objects/vulnerability/vulnerability--93fa2aad-69bc-481a-a724-da0f0e901b91.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5bcdcaad-825d-4b92-862b-befd474175b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93fa2aad-69bc-481a-a724-da0f0e901b91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.024578Z", + "modified": "2024-12-18T00:21:50.024578Z", + "name": "CVE-2024-12293", + "description": "The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12293" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96668a76-d3ee-4657-84de-e1cd0dc6587f.json b/objects/vulnerability/vulnerability--96668a76-d3ee-4657-84de-e1cd0dc6587f.json new file mode 100644 index 00000000000..0a5dc55f0b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--96668a76-d3ee-4657-84de-e1cd0dc6587f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--df26b766-3294-4848-b4b9-504ddd7e7392", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96668a76-d3ee-4657-84de-e1cd0dc6587f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.553992Z", + "modified": "2024-12-18T00:21:50.553992Z", + "name": "CVE-2024-11999", + "description": "CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete\ncontrol of the device when an authenticated user installs malicious code into HMI product.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11999" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--979daf62-2a55-4acf-84d9-57d531210ef1.json b/objects/vulnerability/vulnerability--979daf62-2a55-4acf-84d9-57d531210ef1.json new file mode 100644 index 00000000000..b2c63d4a7bf --- /dev/null +++ b/objects/vulnerability/vulnerability--979daf62-2a55-4acf-84d9-57d531210ef1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce1ba92a-52fd-4b5c-8ae4-fa8a59ee3e80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--979daf62-2a55-4acf-84d9-57d531210ef1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.392552Z", + "modified": "2024-12-18T00:21:51.392552Z", + "name": "CVE-2024-37605", + "description": "A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37605" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--99fa1226-a351-45c7-95fd-0816a9dad3a9.json b/objects/vulnerability/vulnerability--99fa1226-a351-45c7-95fd-0816a9dad3a9.json new file mode 100644 index 00000000000..8aa02324752 --- /dev/null +++ b/objects/vulnerability/vulnerability--99fa1226-a351-45c7-95fd-0816a9dad3a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d16e61a-4d90-4e2c-a825-27ee9eb24eee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99fa1226-a351-45c7-95fd-0816a9dad3a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.539806Z", + "modified": "2024-12-18T00:21:51.539806Z", + "name": "CVE-2024-55514", + "description": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55514" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9dcf6100-f427-471a-84b3-0f3090bcefa4.json b/objects/vulnerability/vulnerability--9dcf6100-f427-471a-84b3-0f3090bcefa4.json new file mode 100644 index 00000000000..b887382df55 --- /dev/null +++ b/objects/vulnerability/vulnerability--9dcf6100-f427-471a-84b3-0f3090bcefa4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d13cecb8-69e5-4fad-9cc5-ee7e965bf09b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9dcf6100-f427-471a-84b3-0f3090bcefa4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.03586Z", + "modified": "2024-12-18T00:21:50.03586Z", + "name": "CVE-2024-12191", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12191" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1914f6a-0af0-4828-aaa9-8d8313f74cda.json b/objects/vulnerability/vulnerability--a1914f6a-0af0-4828-aaa9-8d8313f74cda.json new file mode 100644 index 00000000000..753a49d8c84 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1914f6a-0af0-4828-aaa9-8d8313f74cda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fed92bee-61f1-4f8c-9fec-5720682f2b63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1914f6a-0af0-4828-aaa9-8d8313f74cda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.039242Z", + "modified": "2024-12-18T00:21:50.039242Z", + "name": "CVE-2024-12356", + "description": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12356" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a290f81e-8adb-4706-8c8e-446628dc7b83.json b/objects/vulnerability/vulnerability--a290f81e-8adb-4706-8c8e-446628dc7b83.json new file mode 100644 index 00000000000..0c0124f92cd --- /dev/null +++ b/objects/vulnerability/vulnerability--a290f81e-8adb-4706-8c8e-446628dc7b83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d8569ced-b512-4de9-bd66-3ff7f0f2da4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a290f81e-8adb-4706-8c8e-446628dc7b83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.154573Z", + "modified": "2024-12-18T00:21:50.154573Z", + "name": "CVE-2024-9819", + "description": "Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3f6c377-0961-46b9-a733-7bf656cab1b4.json b/objects/vulnerability/vulnerability--a3f6c377-0961-46b9-a733-7bf656cab1b4.json new file mode 100644 index 00000000000..3889cfad1cb --- /dev/null +++ b/objects/vulnerability/vulnerability--a3f6c377-0961-46b9-a733-7bf656cab1b4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3170aa59-c9b1-482b-a375-d71dd85e8bd9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3f6c377-0961-46b9-a733-7bf656cab1b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.01341Z", + "modified": "2024-12-18T00:21:50.01341Z", + "name": "CVE-2024-12670", + "description": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6fff532-9436-41a8-b108-f6b99a712161.json b/objects/vulnerability/vulnerability--a6fff532-9436-41a8-b108-f6b99a712161.json new file mode 100644 index 00000000000..6989062cff6 --- /dev/null +++ b/objects/vulnerability/vulnerability--a6fff532-9436-41a8-b108-f6b99a712161.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f96e2eb8-7007-4fc4-bedf-b446de5f52fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6fff532-9436-41a8-b108-f6b99a712161", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.621033Z", + "modified": "2024-12-18T00:21:51.621033Z", + "name": "CVE-2024-49818", + "description": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 \n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49818" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7175a64-df12-43ad-b03a-155550ffbf7c.json b/objects/vulnerability/vulnerability--a7175a64-df12-43ad-b03a-155550ffbf7c.json new file mode 100644 index 00000000000..060196477bd --- /dev/null +++ b/objects/vulnerability/vulnerability--a7175a64-df12-43ad-b03a-155550ffbf7c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af4de48c-e70a-4fa4-afde-718a0967421f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7175a64-df12-43ad-b03a-155550ffbf7c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.352823Z", + "modified": "2024-12-18T00:21:50.352823Z", + "name": "CVE-2024-50379", + "description": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50379" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1c300d7-1336-411b-bc40-b51214b0559a.json b/objects/vulnerability/vulnerability--b1c300d7-1336-411b-bc40-b51214b0559a.json new file mode 100644 index 00000000000..1515a05adf3 --- /dev/null +++ b/objects/vulnerability/vulnerability--b1c300d7-1336-411b-bc40-b51214b0559a.json 
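Review bot: The description added for CVE-2024-50379 gives the fixed 9.0.x release as `9.0.08`, which looks like a typo: the same sentence block states the affected range as `from 9.0.0.M1 through 9.0.97`, and the sibling record CVE-2024-54677 in this commit names `9.0.98` for that release line. The sibling has its own slip, since its affected range reads `through 9.9.97` where this record reads `through 9.0.97`. Both strings are presumably copied verbatim from the upstream CVE records, but anyone matching installed Tomcat versions against these bundles would get a wrong patched-or-vulnerable verdict from them. I would either correct the two values to `9.0.98` and `9.0.97` at import time or, if the feed must mirror upstream text exactly, keep the text and track the discrepancy against the source records.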
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4dde039-1224-43f4-8de3-9c313ddf7a19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1c300d7-1336-411b-bc40-b51214b0559a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:22:05.227727Z", + "modified": "2024-12-18T00:22:05.227727Z", + "name": "CVE-2020-12484", + "description": "When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-12484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b806b22a-576e-4408-b13b-0118a6f5dff3.json b/objects/vulnerability/vulnerability--b806b22a-576e-4408-b13b-0118a6f5dff3.json new file mode 100644 index 00000000000..13719707fc9 --- /dev/null +++ b/objects/vulnerability/vulnerability--b806b22a-576e-4408-b13b-0118a6f5dff3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06949201-901f-4e26-9b31-eb4c836b6535", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b806b22a-576e-4408-b13b-0118a6f5dff3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:49.700775Z", + "modified": "2024-12-18T00:21:49.700775Z", + "name": "CVE-2024-51175", + "description": "An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-51175" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b9a8fedd-8f24-4036-a963-95d5646d822e.json b/objects/vulnerability/vulnerability--b9a8fedd-8f24-4036-a963-95d5646d822e.json new file mode 100644 index 00000000000..04c1ebc0a2d --- /dev/null +++ b/objects/vulnerability/vulnerability--b9a8fedd-8f24-4036-a963-95d5646d822e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6fb48d28-ea15-49bc-b153-c53dd8800759", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9a8fedd-8f24-4036-a963-95d5646d822e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.993838Z", + "modified": "2024-12-18T00:21:51.993838Z", + "name": "CVE-2024-42194", + "description": "An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-42194" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba81e49c-837a-4152-95fb-99f63b2dea9e.json b/objects/vulnerability/vulnerability--ba81e49c-837a-4152-95fb-99f63b2dea9e.json new file mode 100644 index 00000000000..b516cd7fef3 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba81e49c-837a-4152-95fb-99f63b2dea9e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12552458-0029-404b-b45f-46def5e40f67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba81e49c-837a-4152-95fb-99f63b2dea9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.852409Z", + "modified": "2024-12-18T00:21:51.852409Z", + "name": "CVE-2024-36832", + "description": "A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36832" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bda45d49-b901-4773-ad4a-4e7996382584.json b/objects/vulnerability/vulnerability--bda45d49-b901-4773-ad4a-4e7996382584.json new file mode 100644 index 00000000000..276bc2a0fc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--bda45d49-b901-4773-ad4a-4e7996382584.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--57a047f3-eee8-496e-aa04-d318a66fb820", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bda45d49-b901-4773-ad4a-4e7996382584", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.028902Z", + "modified": "2024-12-18T00:21:50.028902Z", + "name": "CVE-2024-12219", + "description": "The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12219" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c00824ce-2b6e-48e3-8948-42a41f6c81b5.json b/objects/vulnerability/vulnerability--c00824ce-2b6e-48e3-8948-42a41f6c81b5.json new file mode 100644 index 00000000000..330e749d803 --- /dev/null +++ b/objects/vulnerability/vulnerability--c00824ce-2b6e-48e3-8948-42a41f6c81b5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0de35fb-cb09-4b0f-8335-5a4637f6a223", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c00824ce-2b6e-48e3-8948-42a41f6c81b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.032202Z", + "modified": "2024-12-18T00:21:50.032202Z", + "name": "CVE-2024-12601", + "description": "The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12601" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c792fc87-2d04-4971-9f5c-07330ceba11a.json b/objects/vulnerability/vulnerability--c792fc87-2d04-4971-9f5c-07330ceba11a.json new file mode 100644 index 00000000000..722a791cbe0 --- /dev/null +++ b/objects/vulnerability/vulnerability--c792fc87-2d04-4971-9f5c-07330ceba11a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3364296e-2789-4ffa-affc-72aa9fb3b580", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c792fc87-2d04-4971-9f5c-07330ceba11a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.518917Z", + "modified": "2024-12-18T00:21:51.518917Z", + "name": "CVE-2024-55864", + "description": "Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55864" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cbebc31b-774a-4429-a4ef-acfd9297ae9b.json b/objects/vulnerability/vulnerability--cbebc31b-774a-4429-a4ef-acfd9297ae9b.json new file mode 100644 index 00000000000..7255ed54d98 --- /dev/null +++ b/objects/vulnerability/vulnerability--cbebc31b-774a-4429-a4ef-acfd9297ae9b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d44d4971-0a7d-43ca-8bd0-fd5d2a6df303", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cbebc31b-774a-4429-a4ef-acfd9297ae9b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.552725Z", + "modified": "2024-12-18T00:21:51.552725Z", + "name": "CVE-2024-55515", + "description": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55515" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cda47857-debd-4893-8ac7-d740ee79270a.json b/objects/vulnerability/vulnerability--cda47857-debd-4893-8ac7-d740ee79270a.json new file mode 100644 index 00000000000..afd63606358 --- /dev/null +++ b/objects/vulnerability/vulnerability--cda47857-debd-4893-8ac7-d740ee79270a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b88eed3-831a-44fc-baeb-c598fa8ee592", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cda47857-debd-4893-8ac7-d740ee79270a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.506954Z", + "modified": "2024-12-18T00:21:51.506954Z", + "name": "CVE-2024-55516", + "description": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55516" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d09d8acb-6dd9-4d19-9a2b-4f1337a0ce68.json b/objects/vulnerability/vulnerability--d09d8acb-6dd9-4d19-9a2b-4f1337a0ce68.json new file mode 100644 index 00000000000..984895afe33 --- /dev/null +++ b/objects/vulnerability/vulnerability--d09d8acb-6dd9-4d19-9a2b-4f1337a0ce68.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42880a74-ea71-4448-a730-f809b756dca0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d09d8acb-6dd9-4d19-9a2b-4f1337a0ce68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.059462Z", + "modified": "2024-12-18T00:21:50.059462Z", + "name": "CVE-2024-12539", + "description": "An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12539" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d2fa8f49-0c51-4b86-8e10-dde9e9ba0c13.json b/objects/vulnerability/vulnerability--d2fa8f49-0c51-4b86-8e10-dde9e9ba0c13.json new file mode 100644 index 00000000000..1ebfcad42b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--d2fa8f49-0c51-4b86-8e10-dde9e9ba0c13.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9477d016-dd79-4520-aa81-ce8f0c974d46", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d2fa8f49-0c51-4b86-8e10-dde9e9ba0c13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.607008Z", + "modified": "2024-12-18T00:21:51.607008Z", + "name": "CVE-2024-49816", + "description": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49816" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d420736a-8afe-4638-8ba7-715bc8603154.json b/objects/vulnerability/vulnerability--d420736a-8afe-4638-8ba7-715bc8603154.json new file mode 100644 index 00000000000..fcd3d6d087d --- /dev/null +++ b/objects/vulnerability/vulnerability--d420736a-8afe-4638-8ba7-715bc8603154.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--898b31e4-ee8c-4023-a433-02a2a141592d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d420736a-8afe-4638-8ba7-715bc8603154", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.542751Z", + "modified": "2024-12-18T00:21:51.542751Z", + "name": "CVE-2024-55056", + "description": "A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55056" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7c9e6d4-26df-4511-8614-a9e7e4e13371.json b/objects/vulnerability/vulnerability--d7c9e6d4-26df-4511-8614-a9e7e4e13371.json new file mode 100644 index 00000000000..761f9cdeb8e --- /dev/null +++ b/objects/vulnerability/vulnerability--d7c9e6d4-26df-4511-8614-a9e7e4e13371.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b47af1f-0e0b-4c6b-9c67-854f2cc92b72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7c9e6d4-26df-4511-8614-a9e7e4e13371", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.089907Z", + "modified": "2024-12-18T00:21:50.089907Z", + "name": "CVE-2024-10476", + "description": "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys™\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is\nnot in scope.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10476" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dad3e9a8-9d73-4943-8472-5453db0ded74.json b/objects/vulnerability/vulnerability--dad3e9a8-9d73-4943-8472-5453db0ded74.json new file mode 100644 index 00000000000..7ce795035b2 --- /dev/null +++ b/objects/vulnerability/vulnerability--dad3e9a8-9d73-4943-8472-5453db0ded74.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--972da221-5bc8-4fb0-a29e-52939bf41f20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dad3e9a8-9d73-4943-8472-5453db0ded74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.16373Z", + "modified": "2024-12-18T00:21:50.16373Z", + "name": "CVE-2024-9779", + "description": "A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name \"cluster-manager\" which is bound to a ClusterRole also named \"cluster-manager\", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9779" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd16fb6a-0615-4cfc-810b-c084fb5eb630.json b/objects/vulnerability/vulnerability--dd16fb6a-0615-4cfc-810b-c084fb5eb630.json new file mode 100644 index 00000000000..63706419ba0 --- /dev/null +++ b/objects/vulnerability/vulnerability--dd16fb6a-0615-4cfc-810b-c084fb5eb630.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a7e054f-b27d-49a6-b674-15835d896aa1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd16fb6a-0615-4cfc-810b-c084fb5eb630", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.031254Z", + "modified": "2024-12-18T00:21:50.031254Z", + "name": "CVE-2024-12194", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12194" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e03df5ca-a796-4466-89b4-1afe94d102f9.json b/objects/vulnerability/vulnerability--e03df5ca-a796-4466-89b4-1afe94d102f9.json new file mode 100644 index 00000000000..473fe7bf741 --- /dev/null +++ b/objects/vulnerability/vulnerability--e03df5ca-a796-4466-89b4-1afe94d102f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--764fca01-b028-4899-b2b8-764563da2e67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e03df5ca-a796-4466-89b4-1afe94d102f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.864652Z", + "modified": "2024-12-18T00:21:51.864652Z", + "name": "CVE-2024-36831", + "description": "A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36831" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e0565a3f-bfe7-429b-b741-20e5af3f204c.json b/objects/vulnerability/vulnerability--e0565a3f-bfe7-429b-b741-20e5af3f204c.json new file mode 100644 index 00000000000..338002519f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--e0565a3f-bfe7-429b-b741-20e5af3f204c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff9dab5d-b822-4b8c-87bb-e64e629f0765", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0565a3f-bfe7-429b-b741-20e5af3f204c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.006252Z", + "modified": "2024-12-18T00:21:50.006252Z", + "name": "CVE-2024-12239", + "description": "The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6f90917-977d-4fee-9df1-f54bb3ff2ad1.json b/objects/vulnerability/vulnerability--e6f90917-977d-4fee-9df1-f54bb3ff2ad1.json new file mode 100644 index 00000000000..86ba8b29012 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6f90917-977d-4fee-9df1-f54bb3ff2ad1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c18e431b-6de6-483c-b3b4-18073f7a4157", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6f90917-977d-4fee-9df1-f54bb3ff2ad1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.555643Z", + "modified": "2024-12-18T00:21:50.555643Z", + "name": "CVE-2024-11422", + "description": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11422" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb394e53-63d3-422e-b698-0c5204cdae18.json b/objects/vulnerability/vulnerability--eb394e53-63d3-422e-b698-0c5204cdae18.json new file mode 100644 index 00000000000..16f16fb1c86 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb394e53-63d3-422e-b698-0c5204cdae18.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9478b638-5c29-4d03-b7ef-461afe4a87fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb394e53-63d3-422e-b698-0c5204cdae18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.462249Z", + "modified": "2024-12-18T00:21:51.462249Z", + "name": "CVE-2024-54677", + "description": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebbfb3d1-25c6-402e-b51e-92803cc9de4c.json b/objects/vulnerability/vulnerability--ebbfb3d1-25c6-402e-b51e-92803cc9de4c.json new file mode 100644 index 00000000000..e9f7d895f5a --- /dev/null +++ b/objects/vulnerability/vulnerability--ebbfb3d1-25c6-402e-b51e-92803cc9de4c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10690087-5dbf-4538-8352-4273069124a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebbfb3d1-25c6-402e-b51e-92803cc9de4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.57986Z", + "modified": "2024-12-18T00:21:51.57986Z", + "name": "CVE-2024-49194", + "description": "Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49194" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec94cf8c-5eba-44a9-9a60-3ada93398de3.json b/objects/vulnerability/vulnerability--ec94cf8c-5eba-44a9-9a60-3ada93398de3.json new file mode 100644 index 00000000000..ab649720aec --- /dev/null +++ b/objects/vulnerability/vulnerability--ec94cf8c-5eba-44a9-9a60-3ada93398de3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6eaa530d-287d-407f-8c18-b39ae7c48823", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec94cf8c-5eba-44a9-9a60-3ada93398de3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:49.88689Z", + "modified": "2024-12-18T00:21:49.88689Z", + "name": "CVE-2024-52542", + "description": "Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52542" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed3ede47-c51c-4ed2-85d1-c29b30ddbd10.json b/objects/vulnerability/vulnerability--ed3ede47-c51c-4ed2-85d1-c29b30ddbd10.json new file mode 100644 index 00000000000..fcf2c70c678 --- /dev/null +++ b/objects/vulnerability/vulnerability--ed3ede47-c51c-4ed2-85d1-c29b30ddbd10.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8964feb3-16c0-402f-9df5-352a1b905aa4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed3ede47-c51c-4ed2-85d1-c29b30ddbd10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.544798Z", + "modified": "2024-12-18T00:21:51.544798Z", + "name": "CVE-2024-55058", + "description": "An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55058" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed89ab84-175c-4393-bfc3-42d49d3893d0.json b/objects/vulnerability/vulnerability--ed89ab84-175c-4393-bfc3-42d49d3893d0.json new file mode 100644 index 00000000000..6d80914be0c --- /dev/null +++ b/objects/vulnerability/vulnerability--ed89ab84-175c-4393-bfc3-42d49d3893d0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2a7d9c5-ebec-4915-8c8c-c436b6451d20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed89ab84-175c-4393-bfc3-42d49d3893d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:51.481932Z", + "modified": "2024-12-18T00:21:51.481932Z", + "name": "CVE-2024-54125", + "description": "Improper authorization in handler for custom URL scheme issue in \"Shonen Jump+\" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54125" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee47ce32-e4d1-4354-83d4-4a8954fd342a.json b/objects/vulnerability/vulnerability--ee47ce32-e4d1-4354-83d4-4a8954fd342a.json new file mode 100644 index 00000000000..69ba90658ae --- /dev/null +++ b/objects/vulnerability/vulnerability--ee47ce32-e4d1-4354-83d4-4a8954fd342a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb91f0a5-0996-4652-b9ee-2b5c5b58abe9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee47ce32-e4d1-4354-83d4-4a8954fd342a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.161665Z", + "modified": "2024-12-18T00:21:50.161665Z", + "name": "CVE-2024-9624", + "description": "The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9624" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef0b3c5b-483a-48a3-b914-095e8b886ad0.json b/objects/vulnerability/vulnerability--ef0b3c5b-483a-48a3-b914-095e8b886ad0.json new file mode 100644 index 00000000000..2c838d2d868 --- /dev/null +++ b/objects/vulnerability/vulnerability--ef0b3c5b-483a-48a3-b914-095e8b886ad0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf6b59b6-fcfe-4517-ba70-8eccd8770535", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef0b3c5b-483a-48a3-b914-095e8b886ad0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.034257Z", + "modified": "2024-12-18T00:21:50.034257Z", + "name": "CVE-2024-12127", + "description": "The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12127" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0399420-7705-43a8-9c6e-caaaa834d3fa.json b/objects/vulnerability/vulnerability--f0399420-7705-43a8-9c6e-caaaa834d3fa.json new file mode 100644 index 00000000000..c3a6abf81e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--f0399420-7705-43a8-9c6e-caaaa834d3fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55c32a90-11f1-4e4f-a973-045be19215ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0399420-7705-43a8-9c6e-caaaa834d3fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.921442Z", + "modified": "2024-12-18T00:21:50.921442Z", + "name": "CVE-2024-8326", + "description": "The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including user data and database configuration information, which can lead to reading, updating, or dropping database tables. The vulnerability was partially patched in version 241114.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8326" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1e301d9-2660-4faf-a24b-a67beba893b5.json b/objects/vulnerability/vulnerability--f1e301d9-2660-4faf-a24b-a67beba893b5.json new file mode 100644 index 00000000000..e6bd2c5528e --- /dev/null +++ b/objects/vulnerability/vulnerability--f1e301d9-2660-4faf-a24b-a67beba893b5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a59cb480-7652-4be0-9a03-dae5af413e70", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1e301d9-2660-4faf-a24b-a67beba893b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.066383Z", + "modified": "2024-12-18T00:21:50.066383Z", + "name": "CVE-2024-10356", + "description": "The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10356" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3714bca-0238-4114-b424-a5f8c1c103bd.json b/objects/vulnerability/vulnerability--f3714bca-0238-4114-b424-a5f8c1c103bd.json new file mode 100644 index 00000000000..c45ee6771f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3714bca-0238-4114-b424-a5f8c1c103bd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aec285fe-91af-4b62-a039-f12bd9c5ba11", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3714bca-0238-4114-b424-a5f8c1c103bd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.129918Z", + "modified": "2024-12-18T00:21:50.129918Z", + "name": "CVE-2024-9654", + "description": "The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contains a link to download paid content. Successful exploitation requires knowledge of another customers email address as well as the file ID of the content they purchased.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f54f99f2-cac4-46f4-b2cb-90e6eebc16df.json b/objects/vulnerability/vulnerability--f54f99f2-cac4-46f4-b2cb-90e6eebc16df.json new file mode 100644 index 00000000000..c0f1f46e139 --- /dev/null +++ b/objects/vulnerability/vulnerability--f54f99f2-cac4-46f4-b2cb-90e6eebc16df.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2d0d80e2-76b9-4ce3-83b8-cd44dbf78d9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f54f99f2-cac4-46f4-b2cb-90e6eebc16df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:54.231971Z", + "modified": "2024-12-18T00:21:54.231971Z", + "name": "CVE-2021-26278", + "description": "The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-26278" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8821bc0-8970-4ee9-a0b5-6377515f2011.json b/objects/vulnerability/vulnerability--f8821bc0-8970-4ee9-a0b5-6377515f2011.json new file mode 100644 index 00000000000..e50ed0f6c62 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8821bc0-8970-4ee9-a0b5-6377515f2011.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--965d26de-4e8a-4703-a26b-51a77f07345f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8821bc0-8970-4ee9-a0b5-6377515f2011", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-18T00:21:50.973588Z", + "modified": "2024-12-18T00:21:50.973588Z", + "name": "CVE-2024-38499", + "description": "CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute \"caf encrypt\"/\"sd_acmd encrypt\" commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38499" + } + ] + } + ] +} \ No newline at end of file